Privacy Policy

SocialNira (the "Service") is operated by AX SOLUTIONS Jakub Górski, ul. kpt. pilota Żwirki 1C/4D, 90-448 Łódź, Poland, NIP 9820391754 (the "Administrator" under RODO Art. 4(7)). For any privacy matter you can contact us at support@socialnira.com.

• Account data: email address, password hash, full name (optional), timezone.
• Connected accounts: Facebook user/page IDs, names, profile picture URLs, access tokens (encrypted at rest), follower counts. Same for Instagram and Threads when you connect them.
• Content you create: post captions, scheduled times, uploaded media (images, video), tag suggestions.
• Publishing logs: timestamps and Facebook/Instagram/Threads response codes for posts we published on your behalf.
• Usage data: pages visited, features used, error reports.
• Billing data: when you subscribe via Stripe, we receive (but do not store card details) plan, status, period end, and a Stripe customer/subscription ID. Card data is held by Stripe, Inc. (a PCI-DSS Level 1 processor).

• Contract performance (RODO Art. 6(1)(b)): account and connected-accounts data is required to provide the Service.
• Legitimate interest (Art. 6(1)(f)): usage data for product improvement and abuse detection.
• Consent (Art. 6(1)(a)): marketing emails, where applicable. You can withdraw consent any time without affecting your account.
• Legal obligation (Art. 6(1)(c)): invoices, tax records (kept 5 years per Polish accounting law).

• Meta Platforms, Inc. — Facebook + Instagram + Threads APIs (your published content goes to them).
• Stripe Payments Europe, Ltd. — payment processing (Ireland).
• OpenAI, L.L.C. — AI Ideas content generation, when you use that feature. Your post captions and connected-page metadata are sent to generate ideas.
• Replicate, Inc. — AI image generation for AI Ideas.
• Anthropic, PBC — backup AI provider for AI Ideas (used only when OpenAI is unavailable).
• UpCloud Ltd. (Finland) — server hosting (EU/EEA).
• SEOhost (h28.seohost.pl, Poland) — transactional email delivery.

All sub-processors are bound by data processing agreements (DPA) and operate either in the EU/EEA or under valid Article 46 safeguards (Standard Contractual Clauses).

• Account data: as long as your account exists, plus 30 days after deletion for backup retention.
• Publishing logs: 90 days, then automatically purged.
• AI Idea history: 180 days.
• Invoices and billing records: 5 years (Polish accounting law).

Under RODO you have the right to:

• Access (Art. 15) + portability (Art. 20): download a JSON export of your data at any time from Settings → Download your data.
• Rectification (Art. 16): edit your profile in Settings.
• Erasure (Art. 17): delete your account in Settings → Delete account. We erase your data within 30 days, except records we're legally required to keep.
• Restriction (Art. 18) or objection (Art. 21): email support@socialnira.com.
• Lodge a complaint: with the Polish data-protection authority (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa).

We use only essential cookies (session, CSRF) — no advertising, analytics or third-party tracking cookies. We do not sell or share your data with advertisers.

Access tokens are encrypted at rest with AES-256-GCM. Passwords are stored as bcrypt hashes (cost 12). All connections use TLS 1.2+ with HSTS. Our infrastructure is hosted in the EU.

Material changes are notified by email at least 30 days before taking effect. You can withdraw consent and delete your account at any time before the change takes effect.